The Cybersecurity and Infrastructure Security Agency (CISA) and corporate investigators said they believe the operation by cyber attackers allegedly linked to Russia extended far beyond the compromise of SolarWinds’ Orion software. They found that about 30 percent of victims in the private and government sectors were not using the software, The Wall Street Journal reported Friday.
The hackers “gained access to their targets in a variety of ways. This adversary has been creative,” said Brandon Wales, acting director of CISA. “It is absolutely correct that this campaign should not be thought of as the SolarWinds campaign.”
Malwarebytes, a computer security company, said the same hackers who targeted SolarWinds also compromised a number of its Microsoft 365 cloud email accounts by leveraging a vulnerability in the software’s configuration. Malwarebytes noted that it does not use SolarWinds Orion.
A source said SolarWinds is now investigating whether hackers used Microsoft’s cloud as a primary entry point into its network.
“We continue to collaborate closely with federal law enforcement and intelligence agencies to investigate the full scope of this unprecedented attack,” a spokesman for SolarWinds said in an email.
The cyber attack breached the departments of Homeland Security, State, Commerce, Energy, Labor and the Treasury. Wales said the ongoing investigation has identified dozens of organizations within the private sector as victims in the attack, bringing the total number of compromised institutions to well under 100.
“We continue to maintain that this is an espionage campaign designed for long-term intelligence collection,” Wales said.